China Suspected of Stealing Data from Nearly Every American in Extensive Cyberattack

A joint investigation involving multiple intelligence agencies has concluded that China may have stolen data from a vast number of Americans, including former President Donald Trump. The investigation, which spanned several years, focused on a sophisticated cyberattack attributed to entities linked to the Chinese Communist Party (CCP).

The investigation revealed a year-long cyber operation targeting over 80 countries. The group known as "Salt Typhoon," with ties to the CCP, reportedly hacked phones used by Trump and former Vice President JD Vance during the previous presidential campaign. The joint statement issued by the investigators highlighted that Chinese state-sponsored cyber actors are targeting networks globally, including telecommunications, government, transportation, lodging, and military infrastructure.

The joint statement, endorsed by numerous nations, including the U.S., Canada, Finland, Germany, and Japan, aimed to expose China's actions. The cyber actors are reported to focus on large backbone routers of major telecommunications providers, as well as provider-edge and customer-edge routers. They also leverage compromised devices and trusted connections to gain access to other networks, often modifying routers to maintain persistent, long-term access.

According to The New York Times, Cynthia Kaiser, a former top official in the FBI Cyber division, who oversaw the investigations, stated that she could not "imagine any American was spared, given the breadth of the campaign." Jennifer Ewbank, a former CIA deputy director for digital innovation, described the cyberhack as "patient, state-backed campaigns burrowed deep into the infrastructure of more than 80 countries, characterized by a high level of technical sophistication, patience, and persistence."

The security report detailing the Chinese cyberhack indicates that the stolen data could provide Chinese intelligence services with the capability to identify and track their targets' communications and movements worldwide. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted that Chinese linked cyber-actors, including Salt Typhoon, employ tactics and target selection that extend beyond traditional cyberespionage or intelligence-gathering operations.

CISA also stated that the Chinese-backed entities have carried out the hack in a way that allows hackers to "disrupt critical functions at a time of their choosing." In response to the hack, CISA is collaborating with various government agencies and partners to counter the evolving cyberthreats posed by PRC state-sponsored actors. The agency is working to create a more secure cyberspace, making it increasingly difficult for PRC threat actors to execute large-scale compromises.